package com.itheima.health.config_security;

import com.itheima.health.config_jwt.JWTAuthenticationFilter;
import com.itheima.health.config_jwt.JWTAuthorizationFilter;
import com.itheima.health.config_jwt.JwtProperties;
import com.itheima.health.service.MemberService;
import org.apache.dubbo.config.annotation.Reference;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@SuppressWarnings("ALL")
/**
 * @Description : 重写 security框架的默认配置
 * @author     :LD
 */
//@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)//开启注解权限支持
@EnableConfigurationProperties(JwtProperties.class)//使JwtProperties自定义配置生效
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    MyUserDetailService myUserDetailService;
    @Autowired
    private JwtProperties properties;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();//  密码加密 对象
    }
    /**
     * 设置匿名访问路径
     * @param web
     * @throws Exception
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/css/**","/js/**","/template/**");
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        //基于内存，定义认证的用户账号，密码，以及权限关键字
//        auth.inMemoryAuthentication().withUser("admin").password("{noop}1234").roles("ADMIN");//密码采用明文处理
//        auth.inMemoryAuthentication().passwordEncoder(passwordEncoder()).withUser("admin").password(passwordEncoder().encode("1234")).roles("QUERY");

        //数据库版用户认证
        auth.userDetailsService(myUserDetailService).passwordEncoder(passwordEncoder());
    }

    /**
     * 自定义登录界面配置
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
//        http.
//                formLogin()
//                .loginPage("/login.html")//设置登录界面
//                .loginProcessingUrl("/login")//表单提交的地址
//                .defaultSuccessUrl("/page/index.html")//登录成功跳转的页面
//                .and()
//                .authorizeRequests().antMatchers("/page/find.html").hasRole("ADMIN")
//                .antMatchers("/page/**","/user/**").authenticated()//表示 page下的所有资源 都需要认证才可以访问
//                .and()
//                .exceptionHandling().accessDeniedPage("/error.html")//403无权限友好页面
//                .and()
//                .logout().logoutUrl("/logout.do").logoutSuccessUrl("/login.html").invalidateHttpSession(true)//退出操作，并清空session
//                .and()
//                .csrf().disable()//关闭 csrf过滤器
//                .addFilter(new JWTAuthenticationFilter(super.authenticationManager(),properties))
//                .addFilter(new JWTAuthorizationFilter(super.authenticationManager(),properties));
        http
                .csrf()
                .disable()
                .addFilter(new JWTAuthenticationFilter(super.authenticationManager(),properties))
                .addFilter(new JWTAuthorizationFilter(super.authenticationManager(),properties))
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS); // 禁用session
    }
}
